From 90162e7dbd5b96f04e277e6d208c9a9940d818a9 Mon Sep 17 00:00:00 2001
From: James Cook <james.cook@utoronto.ca>
Date: Sun, 21 Dec 2014 14:26:53 -0800
Subject: [PATCH 1/3] jasper:  Patch for CVE-2014-9029 via RedHat.

Also update homepage.
---
 pkgs/development/libraries/jasper/default.nix |  4 ++-
 .../jasper/jasper-CVE-2014-9029.diff          | 31 +++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff

diff --git a/pkgs/development/libraries/jasper/default.nix b/pkgs/development/libraries/jasper/default.nix
index ed51a0a28206..fa332cc66d3c 100644
--- a/pkgs/development/libraries/jasper/default.nix
+++ b/pkgs/development/libraries/jasper/default.nix
@@ -8,13 +8,15 @@ stdenv.mkDerivation rec {
     sha256 = "154l7zk7yh3v8l2l6zm5s2alvd2fzkp6c9i18iajfbna5af5m43b";
   };
 
+  patches = [ ./jasper-CVE-2014-9029.diff ];
+
   nativeBuildInputs = [unzip];
   propagatedBuildInputs = [ libjpeg ];
 
   configureFlags = "--enable-shared";
   
   meta = {
-    homepage = http://www.ece.uvic.ca/~mdadams/jasper/;
+    homepage = https://www.ece.uvic.ca/~frodo/jasper/;
     description = "JPEG2000 Library";
   };
 }
diff --git a/pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff b/pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff
new file mode 100644
index 000000000000..aa01324dba72
--- /dev/null
+++ b/pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff
@@ -0,0 +1,31 @@
+(From RedHat: https://bugzilla.redhat.com/attachment.cgi?id=961994&action=diff)
+
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2014-11-27 12:45:44.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c	2014-11-27 12:44:58.000000000 +0100
+@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
+ 	jpc_coc_t *coc = &ms->parms.coc;
+ 	jpc_dec_tile_t *tile;
+ 
+-	if (JAS_CAST(int, coc->compno) > dec->numcomps) {
++	if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
+ 		jas_eprintf("invalid component number in COC marker segment\n");
+ 		return -1;
+ 	}
+@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
+ 	jpc_rgn_t *rgn = &ms->parms.rgn;
+ 	jpc_dec_tile_t *tile;
+ 
+-	if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
++	if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
+ 		jas_eprintf("invalid component number in RGN marker segment\n");
+ 		return -1;
+ 	}
+@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
+ 	jpc_qcc_t *qcc = &ms->parms.qcc;
+ 	jpc_dec_tile_t *tile;
+ 
+-	if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
++	if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
+ 		jas_eprintf("invalid component number in QCC marker segment\n");
+ 		return -1;
+ 	}

From 951ac10ae15bf53ea919802a8c3570518f34d86b Mon Sep 17 00:00:00 2001
From: James Cook <falsifian@google.com>
Date: Sun, 21 Dec 2014 14:36:29 -0800
Subject: [PATCH 2/3] jasper:  Patch for CVE-2014-8137 via RedHat.

---
 pkgs/development/libraries/jasper/default.nix |  5 ++-
 .../jasper/jasper-CVE-2014-8137-noabort.diff  | 16 +++++++
 .../jasper/jasper-CVE-2014-8137-variant2.diff | 45 +++++++++++++++++++
 .../jasper/jasper-CVE-2014-9029.diff          |  2 +-
 4 files changed, 66 insertions(+), 2 deletions(-)
 create mode 100644 pkgs/development/libraries/jasper/jasper-CVE-2014-8137-noabort.diff
 create mode 100644 pkgs/development/libraries/jasper/jasper-CVE-2014-8137-variant2.diff

diff --git a/pkgs/development/libraries/jasper/default.nix b/pkgs/development/libraries/jasper/default.nix
index fa332cc66d3c..38c53edb439b 100644
--- a/pkgs/development/libraries/jasper/default.nix
+++ b/pkgs/development/libraries/jasper/default.nix
@@ -8,7 +8,10 @@ stdenv.mkDerivation rec {
     sha256 = "154l7zk7yh3v8l2l6zm5s2alvd2fzkp6c9i18iajfbna5af5m43b";
   };
 
-  patches = [ ./jasper-CVE-2014-9029.diff ];
+  patches = [
+    ./jasper-CVE-2014-8137-variant2.diff ./jasper-CVE-2014-8137-noabort.diff
+    ./jasper-CVE-2014-9029.diff
+  ];
 
   nativeBuildInputs = [unzip];
   propagatedBuildInputs = [ libjpeg ];
diff --git a/pkgs/development/libraries/jasper/jasper-CVE-2014-8137-noabort.diff b/pkgs/development/libraries/jasper/jasper-CVE-2014-8137-noabort.diff
new file mode 100644
index 000000000000..47b57d5c8098
--- /dev/null
+++ b/pkgs/development/libraries/jasper/jasper-CVE-2014-8137-noabort.diff
@@ -0,0 +1,16 @@
+From RedHat: https://bugzilla.redhat.com/attachment.cgi?id=967284&action=diff
+
+--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c	2014-12-11 14:30:54.193209780 +0100
++++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c	2014-12-11 14:36:46.313217814 +0100
+@@ -291,7 +291,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 	case JP2_COLR_ICC:
+ 		iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp,
+ 		  dec->colr->data.colr.iccplen);
+-		assert(iccprof);
++		if (!iccprof) {
++			jas_eprintf("error: failed to parse ICC profile\n");
++			goto error;
++		}
+ 		jas_iccprof_gethdr(iccprof, &icchdr);
+ 		jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
+ 		jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc));
diff --git a/pkgs/development/libraries/jasper/jasper-CVE-2014-8137-variant2.diff b/pkgs/development/libraries/jasper/jasper-CVE-2014-8137-variant2.diff
new file mode 100644
index 000000000000..243300dd70ee
--- /dev/null
+++ b/pkgs/development/libraries/jasper/jasper-CVE-2014-8137-variant2.diff
@@ -0,0 +1,45 @@
+From RedHat: https://bugzilla.redhat.com/attachment.cgi?id=967283&action=diff
+
+--- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c	2014-12-11 14:06:44.000000000 +0100
++++ jasper-1.900.1/src/libjasper/base/jas_icc.c	2014-12-11 15:16:37.971272386 +0100
+@@ -1009,7 +1009,6 @@ static int jas_icccurv_input(jas_iccattr
+ 	return 0;
+ 
+ error:
+-	jas_icccurv_destroy(attrval);
+ 	return -1;
+ }
+ 
+@@ -1127,7 +1126,6 @@ static int jas_icctxtdesc_input(jas_icca
+ #endif
+ 	return 0;
+ error:
+-	jas_icctxtdesc_destroy(attrval);
+ 	return -1;
+ }
+ 
+@@ -1206,8 +1204,6 @@ static int jas_icctxt_input(jas_iccattrv
+ 		goto error;
+ 	return 0;
+ error:
+-	if (txt->string)
+-		jas_free(txt->string);
+ 	return -1;
+ }
+ 
+@@ -1328,7 +1324,6 @@ static int jas_icclut8_input(jas_iccattr
+ 		goto error;
+ 	return 0;
+ error:
+-	jas_icclut8_destroy(attrval);
+ 	return -1;
+ }
+ 
+@@ -1497,7 +1492,6 @@ static int jas_icclut16_input(jas_iccatt
+ 		goto error;
+ 	return 0;
+ error:
+-	jas_icclut16_destroy(attrval);
+ 	return -1;
+ }
+ 
diff --git a/pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff b/pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff
index aa01324dba72..01db7f03cdf8 100644
--- a/pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff
+++ b/pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff
@@ -1,4 +1,4 @@
-(From RedHat: https://bugzilla.redhat.com/attachment.cgi?id=961994&action=diff)
+From RedHat: https://bugzilla.redhat.com/attachment.cgi?id=961994&action=diff
 
 --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2014-11-27 12:45:44.000000000 +0100
 +++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c	2014-11-27 12:44:58.000000000 +0100

From 1b5c9c24dea9d5241f4a46a471d77d185b31b524 Mon Sep 17 00:00:00 2001
From: James Cook <falsifian@google.com>
Date: Sun, 21 Dec 2014 14:38:00 -0800
Subject: [PATCH 3/3] jasper:  Patch for CVE-2014-8138 via RedHat.

---
 pkgs/development/libraries/jasper/default.nix    |  1 +
 .../libraries/jasper/jasper-CVE-2014-8138.diff   | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 pkgs/development/libraries/jasper/jasper-CVE-2014-8138.diff

diff --git a/pkgs/development/libraries/jasper/default.nix b/pkgs/development/libraries/jasper/default.nix
index 38c53edb439b..94e6cba4ee4c 100644
--- a/pkgs/development/libraries/jasper/default.nix
+++ b/pkgs/development/libraries/jasper/default.nix
@@ -10,6 +10,7 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./jasper-CVE-2014-8137-variant2.diff ./jasper-CVE-2014-8137-noabort.diff
+    ./jasper-CVE-2014-8138.diff
     ./jasper-CVE-2014-9029.diff
   ];
 
diff --git a/pkgs/development/libraries/jasper/jasper-CVE-2014-8138.diff b/pkgs/development/libraries/jasper/jasper-CVE-2014-8138.diff
new file mode 100644
index 000000000000..cbf0899d807a
--- /dev/null
+++ b/pkgs/development/libraries/jasper/jasper-CVE-2014-8138.diff
@@ -0,0 +1,16 @@
+From RedHat: https://bugzilla.redhat.com/attachment.cgi?id=967280&action=diff
+
+--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c	2014-12-11 14:06:44.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c	2014-12-11 14:06:26.000000000 +0100
+@@ -386,6 +386,11 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 	/* Determine the type of each component. */
+ 	if (dec->cdef) {
+ 		for (i = 0; i < dec->numchans; ++i) {
++			/* Is the channel number reasonable? */
++			if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) {
++				jas_eprintf("error: invalid channel number in CDEF box\n");
++				goto error;
++			}
+ 			jas_image_setcmpttype(dec->image,
+ 			  dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo],
+ 			  jp2_getct(jas_image_clrspc(dec->image),